Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Blog
  • Pricing
  • Documentation
© 2025 Direct Cursus Technology L.L.C.
Yandex Container Registry
  • Getting started
    • All guides
    • Installing and configuring Docker
    • Authentication in Container Registry
      • Getting information about existing lifecycle policies
      • Creating a lifecycle policy
      • Updating a lifecycle policy
      • Performing lifecycle policy dry runs
      • Deleting a lifecycle policy
    • Scanning Docker images for vulnerabilities
    • Creating a trigger for a registry
  • Yandex Container Solution
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Troubleshooting
  • FAQ
  1. Step-by-step guides
  2. Managing Docker image lifecycle policies
  3. Creating a lifecycle policy

Creating a lifecycle policy

Written by
Yandex Cloud
Improved by
Danila N.
Updated at April 22, 2025

You can only set a lifecycle policy for a repository. To find out the name of a repository, request a list of repositories in the registry.

Management console
CLI
Terraform
API
  1. In the management console, select the folder where the registry was created.
  2. In the list of services, select Container Registry.
  3. Select the registry and click the row with its name.
  4. Select the repository and click the row with its name.
  5. In the left-hand panel, click Lifecycle.
  6. In the top-right corner, click Create.
  7. Set the lifecycle policy parameters:
    • (Optional) Name.
    • (Optional) Description.
    • Status: Lifecycle policy status after its creation. We do not recommend creating an ACTIVE policy right away.
    • Under Lifecycle policy rules, add rules:
      1. Click Add.

      2. Set the rule parameters:

        • Tag regexp: Docker image tag for filtering. Java regular expressions are supported. For example, the test.* regular expression retrieves all images with tags starting with test.
        • Untagged: Flag indicating that the rule applies to Docker images without tags.
        • Expire period, in days: Time after which the lifecycle policy may apply to the Docker image.
        • Retained top: Number of Docker images that are not deleted even if they match the rule.
        • (Optional) Description.
  8. Click Create.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

  1. Prepare policy rules and save them to a file named rules.json.

    Example of the contents of a file with rules, where:

    • description: Description of the policy rule.
    • tag_regexp: Docker image tag for filtering. Java regular expressions are supported. For example, the test.* regular expression retrieves all images with tags starting with test.
    • untagged: Flag indicating that the rule applies to Docker images without tags.
    • expire_period: Time after which the lifecycle policy may apply to the Docker image. This parameter is formatted as a number and a unit of measure, such as s, m, h, or d (seconds, minutes, hours, or days). expire_period must be a multiple of 24 hours.
    • retained_top: Number of Docker images that are not deleted even if they match the rule.
    [
      {
        "description": "delete prod Docker images older than 60 days but retain 20 last ones",
        "tag_regexp": "prod",
        "expire_period": "60d",
        "retained_top": 20
      },
      {
        "description": "delete all test Docker images except 10 last ones",
        "tag_regexp": "test.*",
        "retained_top": 10
      },
      {
        "description": "delete all untagged Docker images older than 48 hours",
        "untagged": true,
        "expire_period": "48h"
      }
    ]
    
  2. Create a lifecycle policy by running the command:

    yc container repository lifecycle-policy create \
      --repository-name crp3cpm16edq********/ubuntu \
      --name test-policy \
      --description "disabled lifecycle-policy for tests" \
      --rules ./rules.json
    

    Where:

    • --repository-name: Repository name.

    • --rules: Path to the policy description file.

    • --description (optional): Lifecycle policy description.

    • --name (optional): Policy name. The naming requirements are as follows:

      • It must be from 2 to 63 characters long.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

    Note

    The default policy is created disabled (DISABLED status). We do not recommend creating an active policy (--active flag) right away.

    Result:

    id: crp6lg1868p3********
    name: test-policy
    repository_id: crp3cpm16edq********
    ...
    - description: delete all untagged Docker images older than 48 hours
      expire_period: 172800s
      untagged: true
    

    The expired_period parameter value in the response is displayed in seconds. This is a technical constraint, the format will be changed.

  3. Make sure that the policy is created by running the command:

    yc container repository lifecycle-policy list --repository-name crp3cpm16edq********/ubuntu
    

    Where repository-name is the repository name.

    Result:

    +----------------------+-------------+----------------------+----------+---------------------+-------------------------------+
    |          ID          |    NAME     |    REPOSITORY ID     |  STATUS  |       CREATED       |          DESCRIPTION          |
    +----------------------+-------------+----------------------+----------+---------------------+-------------------------------+
    | crp6lg1868p3******** | test-policy | crp3cpm16edq******** | DISABLED | 2020-05-28 15:05:58 | disabled lifecycle-policy for |
    |                      |             |                      |          |                     | tests                         |
    +----------------------+-------------+----------------------+----------+---------------------+-------------------------------+
    

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

  1. In the configuration file, describe the parameters of the resources you want to create:

    resource "yandex_container_repository_lifecycle_policy" "my_lifecycle_policy" {
      name          = "<policy_name>"
      status        = "<policy_status>"
      repository_id = "<repository_ID>"
    
      rule {
        description   = "<rule_description>"
        untagged      = true
        tag_regexp    = ".*"
        retained_top  = 1
        expire_period = "48h"
      }
    }
    

    Where:

    • name: Policy name.
    • status: Policy status. It can either be true or false.
    • repository_id: Repository ID.
    • rule: Section with the policy rule. Contains the following parameters:
      • description: Rule description.
      • untagged: If the parameter is set to true, the rule applies to all Docker images that do not have a tag.
      • tag_regexp: Docker image tag for filtering. Java regular expressions are supported. For example, the test.* regular expression retrieves all images with tags starting with test.
      • retained_top: Number of Docker images that will not be deleted even if they match the lifecycle policy rules.
      • expire_period: Time after which the lifecycle policy applies to the Docker image. This parameter comes as a number followed by a unit of measurement: s, m, h, or d (seconds, minutes, hours, or days). expire_period must be a multiple of 24 hours.

    For more information about the yandex_container_repository_lifecycle_policy resource parameters in Terraform, see the relevant provider documentation.

  2. Create resources:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate
      

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.
      
    3. Run the command:

      terraform plan
      

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply
      
    5. Confirm the changes: type yes in the terminal and press Enter.

This will create a lifecycle policy in the specified repository. You can check the new policy and its settings using the management console or this CLI command:

 yc container repository lifecycle-policy list --registry-id <registry_ID>

To create a lifecycle policy, use the Create method for the LifecyclePolicyService resource.

Tip

You can test the lifecycle policy to check what Docker images comply with the policy rules. Docker images are not actually deleted during dry runs.

Was the article helpful?

Previous
Getting information about existing lifecycle policies
Next
Updating a lifecycle policy
© 2025 Direct Cursus Technology L.L.C.